Linux.Siggen.4315

Added to the Dr.Web virus database: 2022-01-08

Virus description added:

Technical Information

Malicious functions:
Gains root privileges
Launches itself as a daemon
Launches processes:
  • sh -c /bin/sh -c 'PATH=\"/bin:/sbin:/usr/bin:/usr/sbin:/etc\" sysctl -n \"kernel.shmmax\"'
  • /bin/sh -c PATH=\"/bin:/sbin:/usr/bin:/usr/sbin:/etc\" sysctl -n \"kernel.shmmax\"
  • sysctl -n kernel.shmmax
  • sh -c /bin/sh -c 'PATH=\"/bin:/sbin:/usr/bin:/usr/sbin:/etc\" sysctl -n \"kernel.shmall\"'
  • /bin/sh -c PATH=\"/bin:/sbin:/usr/bin:/usr/sbin:/etc\" sysctl -n \"kernel.shmall\"
  • sysctl -n kernel.shmall
  • /bin/sh
  • awk { printf(\"0x%s\n\
  • sort -u
Performs operations with the file system:
Modifies file access rights:
  • /var/tmp/dev_coll.tmp
Creates or modifies files:
  • /var/tmp/89659083
  • /var/tmp/dev_coll.tmp
  • /tmp/tmpfWlroOS
  • /tmp/tmpfWlroOS (deleted)
  • /var/tmp/dev_coll
  • /usr/tmp/saposcol.pid
Deletes files:
  • /var/tmp/89659083
  • /tmp/tmpfWlroOS
  • /var/tmp/dev_coll.old
Other:
Collects CPU information
Collects RAM information
Collects information about network activity

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
